Vulnerability Archives • Page 3 of 190 • Daily CyberSecurity

High-Severity NGINX Flaw Lets Attackers Inject Malicious Data NGINX JavaScript Module Vulnerability CVE-2026-8711 NGINX 1.30.1 Security Update CVE-2026-42945 RCE NGINX Vulnerability CVE-2026-1642 NGINX Github - CVE-2025-23419

NGINX JavaScript Module Vulnerability CVE-2026-8711 NGINX 1.30.1 Security Update CVE-2026-42945 RCE NGINX Vulnerability CVE-2026-1642 NGINX Github - CVE-2025-23419

High-Severity NGINX Flaw Lets Attackers Inject Malicious Data

Do Son February 5, 2026

F5 has issued a security advisory for a high-severity vulnerability affecting NGINX, the world’s most popular web...

PoC Public & Exploited: Critical SolarWinds Help Desk Flaw Exploited in the Wild State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

PoC Public & Exploited: Critical SolarWinds Help Desk Flaw Exploited in the Wild

Do Son February 4, 2026

The clock is ticking for organizations running SolarWinds Web Help Desk (WHD), as a nightmare scenario unfolds:...

Gatekeeper Breached: 4 Critical Ingress-Nginx Flaws Risk Cluster Secrets Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Gatekeeper Breached: 4 Critical Ingress-Nginx Flaws Risk Cluster Secrets

Do Son February 3, 2026

For Kubernetes administrators, the Ingress-Nginx controller is the trusted gatekeeper, routing traffic from the wild internet to...

From User to SYSTEM: PoC Released for Zabbix Privilege Escalation CVE-2024-42330 Zabbix Privilege Escalation CVE-2025-27237

From User to SYSTEM: PoC Released for Zabbix Privilege Escalation

Do Son January 30, 2026

The race to patch has begun for administrators using Zabbix on Windows, following the public release of...

Exploit Code Publicly Released: Critical Firefox WebRTC Flaw Allows RCE (CVSS 9.8) Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Exploit Code Publicly Released: Critical Firefox WebRTC Flaw Allows RCE (CVSS 9.8)

Do Son January 27, 2026

A critical vulnerability in Mozilla Firefox has been found, with security researchers publicly releasing both the technical...

PoC Released for Critical Oracle E-Business Suite Flaw Exploited by Ransomware Oracle E-Business Suite RCE CVE-2025-61882 PoC

PoC Released for Critical Oracle E-Business Suite Flaw Exploited by Ransomware

Do Son January 26, 2026

Vietnamese security researcher MB VRED has publicly released the technical blueprints and proof-of-concept (PoC) exploit code for...

Public PoC Exploit Released for Critical Android Flaw Grants Apps Permissions Without You Knowing Android CVE-2024-23700 Zero-Interaction Exploit Candiru spyware Android vulnerability, security update

Android CVE-2024-23700 Zero-Interaction Exploit Candiru spyware Android vulnerability, security update

Public PoC Exploit Released for Critical Android Flaw Grants Apps Permissions Without You Knowing

Do Son January 23, 2026

A critical privilege escalation vulnerability in the Android ecosystem is raising alarms after security researcher Canyie publicly...

7 Million Exposed: Critical CVSS 9.8 RCE Vulnerability Hits Laravel Reverb Laravel Reverb Vulnerability CVE-2026-23524

7 Million Exposed: Critical CVSS 9.8 RCE Vulnerability Hits Laravel Reverb

Do Son January 22, 2026

A critical vulnerability has been discovered in Laravel Reverb, a massively popular WebSocket package used by millions...

10-Year-Old GNU Inetutils Telnetd Flaw Lets Hackers Log In as Root via “-f root” GNU Inetutils Telnetd Root Authentication Bypass

10-Year-Old GNU Inetutils Telnetd Flaw Lets Hackers Log In as Root via “-f root”

Do Son January 21, 2026

A critical-severity security flaw has been disclosed in GNU Inetutils, specifically within its telnetd server, allowing remote...

PoC Exploit Released: Failed Windows Patch Leaks Kernel Secrets Windows Kernel Exploit CVE-2025-53136

PoC Exploit Released: Failed Windows Patch Leaks Kernel Secrets

Do Son January 19, 2026

A security patch intended to fix a Windows kernel vulnerability inadvertently created a new information disclosure flaw....

Exploit Code Published: Critical FortiSIEM Flaw Grants Unauthenticated Root Access FortiSIEM PoC Exploit CVE-2025-64155

Exploit Code Published: Critical FortiSIEM Flaw Grants Unauthenticated Root Access

Do Son January 14, 2026

Security researchers have blown the lid off a critical vulnerability in Fortinet’s FortiSIEM appliance, publicly releasing proof-of-concept...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Details Exposed: High-Severity Aruba VIA Root Flaw Publicly Disclosed

Do Son January 14, 2026

HPE Aruba Networking has issued a security alert for users of its Virtual Intranet Access (VIA) client...

Siemens Issues Critical Alert for Maximum 10.0 Vulnerability in Industrial Systems Siemens Edge Vulnerability CVE-2025-40805 CVE-2024-32741 - CVE-2025-27494 Siemens, Industrial Edge, CVE-2024-54092

Siemens Edge Vulnerability CVE-2025-40805 CVE-2024-32741 - CVE-2025-27494 Siemens, Industrial Edge, CVE-2024-54092

Siemens Issues Critical Alert for Maximum 10.0 Vulnerability in Industrial Systems

Do Son January 14, 2026

Siemens has issued an urgent security warning for operators of its Industrial Edge ecosystem, disclosing a critical...

Hikvision Security Cameras and Access Controls Hit by Stack Overflow Flaws Hikvision Vulnerability CVE-2026-0709 Hikvision Vulnerability CVE-2025-66176 Hikvision, vulnerability Canada Hikvision Ban, National Security Hikvision firmware updates

Hikvision Vulnerability CVE-2026-0709 Hikvision Vulnerability CVE-2025-66176 Hikvision, vulnerability Canada Hikvision Ban, National Security Hikvision firmware updates

Hikvision Security Cameras and Access Controls Hit by Stack Overflow Flaws

Do Son January 13, 2026

A pair of high-severity vulnerabilities has been uncovered in the digital backbone of Hikvision security products, potentially...

WAFs Wide Open: Critical OWASP CRS Flaw Bypasses Filters Radware WAF, WAF bypass OWASP CRS Vulnerability CVE-2026-21876

WAFs Wide Open: Critical OWASP CRS Flaw Bypasses Filters

Do Son January 12, 2026

A foundational pillar of web application security has cracked. The OWASP Core Rule Set (CRS) team has...

Critical Centreon Alert: 9.8 Severity Flaw Exposes IT Monitoring CVE-2024-55573 & CVE-2024-53923 Centreon AWIE Vulnerabilities CVE-2025-15029

Critical Centreon Alert: 9.8 Severity Flaw Exposes IT Monitoring

Do Son January 9, 2026

Centreon, a key player in IT infrastructure monitoring, is urging administrators to update their systems immediately following...

“Sophisticated” Zero-Day Demystified: Public Exploit Drop Blows Cover on Critical Apple WebKit Flaw Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

“Sophisticated” Zero-Day Demystified: Public Exploit Drop Blows Cover on Critical Apple WebKit Flaw

Do Son January 8, 2026

The “black box” of a highly sophisticated Apple zero-day has just been cracked open. Security researcher jir4vv1t...

wolfSSH Alert: Critical Logic Flaw Exposes Client Passwords in Clear Text wolfSSL Vulnerability Certificate Validation Bypass wolfSSH Vulnerability CVE-2025-14942